Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
API Validation XML Schemas do not forbid file system access (XXE) #1021
Just found a potential XXE vulnerability in vertx-web as show below, it seems function
Follow the OWASP guide below which provides concise information to prevent this vulnerability. https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#Java
This issue is not affected by user/application input, but only by badly crafted application configuration. Users using the api contracts module with the default settings are not affected, only if explicitly enabled the XML validation and provided a malicious XSD as input.